Medopad Remote Patient Monitoring (a Huma company solution)

The Medopad platform provides care teams with the ability to capture a wide range of health data on their patients using a smartphone. This data is transferred in real-time to a clinician dashboard to help identify deterioration and support proactive care. This solution is already deployed across 20+ NHS organisations.


  • Capture information remotely including vital signs, symptoms and patient-reported outcomes
  • Improve understanding of a patient's condition to identify deterioration earlier
  • Easy-to-use smartphone app accessible on most iOS and Android devices
  • Clinician dashboard accessible via web-browser to enable multi-setting monitoring
  • 15+ configurable modules to support chronic, acute and rare diseases
  • Clinician initiated telemedicine functionality to enhance engagement with patients
  • Integrate connected devices (via bluetooth) to support seamless data upload
  • Create alerts and thresholds against vital signs to triage patients
  • Out-of-the-box solution with mass data extraction feature to support integration
  • COVID-19 configuration implemented across multiple NHS sites via NHSx


  • Evidence of significantly enhancing clinical capacity to monitor/manage more patients
  • Safely monitor patients at home and reduce unnecessary face-to-face activity
  • Improve patient outcomes and reduce complications by capturing deterioration earlier
  • Facilitates multi-disciplinary working across clinical teams and different care settings
  • Enhances patient self-management ability and understanding of their own condition
  • Solution has high adherence rates (90%+)
  • Reduce unnecessary A&E attendances, outpatient appointments and non-elective admissions
  • Enables facilitated early discharge and helps reduce length of stay
  • Improve patient experience by providing access to high quality solutions
  • Standalone system allows for rapid implementation


£570 to £8000 per instance per year

Service documents


G-Cloud 11

Service ID

2 0 9 4 7 0 5 9 0 4 9 2 3 4 0



Nita Shah

01707 329 239

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 24 hours, or the next working day at weekends
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Onsite support
Support levels
Level 1 - email support ;
Level 2 - technical account manager ;
Level 3 - technical support (development team) ;

Support is included in the licensing fee ;

Yes, we provide technical account manager
Support available to third parties

Onboarding and offboarding

Getting started
- 'How to use Medopad' accessible to users from within applications
- Onsite training provided for larger roll-outs
Service documentation
Documentation formats
End-of-contract data extraction
We can export all data into a .csv file format and hand it over to the client in a secure manner, in accordance with a signed agreement with the client
End-of-contract process
Extraction and hand-over of data is included in the licensing fee, i.e. there is addition cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Native applications for iOS and Android are available
Service interface
Description of service interface
There is a web interface for Clinicians
Accessibility standards
None or don’t know
Description of accessibility
Accessibility testing
What users can and can't do using the API
A RESTful API is available for all operations the user needs to perform
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The choice of modules and their configuration, colour schemes, learn content and branding


Independence of resources
The service is hosted on Amazon Web Services utilizing a number of services such as EC2 and Elastic Beanstalk which allow the service to scale under stress across all the tiers in the platform


Service usage metrics
Metrics types
Metrics on the number of user transactions e.g. medication adherence, symptoms over any time period as well as average response times
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported in CSV format via a request to Medopad
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Priority P1 "Interruption of a critical service causing a severe impact on service availability.Widespread security breach in service to external customers. " Target Resolution\ restoration to service: 8 hours ;;

Priority P2 "Critical functionality degraded or unusable resulting in a large impact on services" Target Resolution\ restoration to service: 12 hours ;;

Priority P3 "Non critical service, for example, operational impact, but with no direct impact on service" Target Resolution\ restoration to service: 72 hours ;;

Priority P4 "Minimal impact to a service" Target Resolution\ restoration to service: 5 working days;;

If we don't meet service levels, we provide you with service credits.
Approach to resilience
The platform is hosted on Amazon Web Services data centers utilising many elastic services such as RDS and Beanstalk which allows the service to use multiple servers in different locations if the is a outage / service disruption in one center
Outage reporting
We can send emails to registered users

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
All API's require the user to have authenticated
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Provided by Amazon Web Services
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Unsure. ISO27001 is part of the Amazon Web Services
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
CE mark (MHRA registration number CA013882)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
NHS Digital Information Governance Toolkit
Information security policies and processes
The information security policies and processes are all contained within the company Quality Management System and Technical Files. This includes the information security policies and processes that satisfy the requirements for the Information Governance Toolkit produced by the Department of Health (DH) and hosted by the Health and Social Care Information Centre (HSCIC). Medopad's Quality Representative ensures that these policies and conveyed to the company. The Quality representative reports to Medopad's CTO, who is the board-level person responsible for service security. The processes include periodic audit, penetration testing - where appropriate, the results of these are reported to the CTO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All configuration is managed in our source repository which gets reviewed and versioned prior to release
Vulnerability management type
Vulnerability management approach
We ensure our servers are patched monthly and we can deploy critical fixes within 12 hours after going through integration testing

We asses threats using various online resources
Protective monitoring type
Protective monitoring approach
We deploy various forms of integration tests which ensure the API is for for purpose and can deploy fixes within 12 hours
Incident management type
Supplier-defined controls
Incident management approach
We follow a lightweight ITIL Incident management process

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£570 to £8000 per instance per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑